[tproxy] Does TPROXY work on a bridge without IP address?

Laszlo Attila Toth panther at balabit.hu
Wed Feb 20 11:57:43 CET 2008


Hello,

Bryan Liang wrote:
> < No, it doesn't work without an IP address because tproxy2 uses nat rules
> < which require an IP address on the bridge interface too.
> <
> < If another host connects to a proxy application, the proxy gets the
> < incoming packets but it has to respond with others. The latter packets
> < cannot be routed without that IP address.
> 
> < -
> < Panther
> 
> Thanks Panther. Are there any plans to let TPROXY work in this request?

As I mentioned above: it won't work, because the outgoing packets (from 
a proxy application) must be routed before reaching the real network. I 
don't know another solution. Also the

> 
> Because in some environments, an IP address cannot be assigned on the bridge.
> If we need to put the Linux box at the front of the internet gateway, there 
> will be no IP address assigned.

But it may have one.

AFAIK the only reasonable environment for a bridge without an IP address is 
where the Linux box is used for traffic spoofing (especially intrusion 
detection). This is not necessary for transparent proxying.

-- 
Panther

